sneader
Forum Replies Created
-
Forum: Plugins
In reply to: [Smart Slider 3] Conflict with Divi Theme CustomizerI really appreciate your willingness to help! I deactivated every plugin except SmartSlider 3, and the problem persisted (before posting in support), so I don’t think it’s being caused by another plugin. I also removed all custom CSS. Strange indeed, but I bet we’ll get to the bottom of it. I’ll reach out — thank you!
Forum: Plugins
In reply to: [CC Child Pages] Has this Plugin been Abandoned?This is great news, thank you very much! Is it possible to bump the version, too? Most security plugins will mark the plugin as a potential security issue, if there have been no updates in over 365 days (1 year).
Thanks again!!
Forum: Plugins
In reply to: [Visual Form Builder] Security check: referal does not match this site.Same problem — sad the authors have not responded as to what is causing this. Following.
Forum: Plugins
In reply to: [Quiz and Survey Master (QSM) - Easy Quiz and Survey Maker] Error thrownSame exact error here, causing inability to log into /wp-admin (however the site itself works OK)
[07-Jul-2021 03:59:20 UTC] PHP Fatal error: Uncaught Error: Call to a member function get_author_permastruct() on null in /home/USERNAME/public_html/wp-includes/author-template.php:347
Stack trace:
#0 /home/USERNAME/public_html/wp-content/plugins/wp-super-cache/wp-cache-phase2.php(2828): get_author_posts_url(‘1’)
#1 /home/USERNAME/public_html/wp-content/plugins/wp-super-cache/wp-cache-phase2.php(2924): wpsc_delete_post_archives(Object(WP_Post))
#2 /home/USERNAME/public_html/wp-includes/class-wp-hook.php(294): wp_cache_post_edit(58638)
#3 /home/USERNAME/public_html/wp-includes/class-wp-hook.php(316): WP_Hook->apply_filters(”, Array)
#4 /home/USERNAME/public_html/wp-includes/plugin.php(484): WP_Hook->do_action(Array)
#5 /home/USERNAME/public_html/wp-includes/post.php(7080): do_action(‘clean_post_cach…’, 58638, Object(WP_Post))
#6 /home/USERNAME/public_html/wp-includes/post.php(4264): clean_post_cache(Object(WP_Post))
#7 /home/USERNAME/public_html/wp-content/plugins/quiz-master-next/php/classes/class-qmn-log-manager.php(128): wp_insert_post(Array)
#8 / in /home/USERNAME/public_html/wp-includes/author-template.php on line 347Forum: Plugins
In reply to: [WooCommerce] Thousands of POST requests to /?wc-ajax=checkoutHi @webgmclassics ! I’ve not had much luck with captcha solutions. As someone mentioned on this thread, it seems a human is adding items to the cart and checking out, then they unleash some local script to start filling out and submitting card payments to test cards.
For now, we have two pretty good solutions in place, that others might consider looking into.
1) This plugin is really good (it requires PHP 7.4):
https://github.com/BrianHenryIE/bh-wc-checkout-rate-limiter2) We are definitely not Mod Security experts, and would welcome input to improve this Mod Sec rule, but this is definitely blocking bad guys after 10 posts to checkout, within 10 minutes (it usually only takes 10 seconds or less for them to post 10 times!)
# WordPress WooCommerce Brute Force detection SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:8000001 <LocationMatch "/"> <If "%{QUERY_STRING} =~ /wc-ajax=checkout/"> SecRule user:wc_bf_block "@gt 0" "deny,status:401,log,id:8000002,msg:'ip address blocked for 1 day, more than 10 wc-ajax=checkout attempts in 3 minutes.'" SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.wc_bf_counter=+1,deprecatevar:ip.wc_bf_counter=1/180,id:8000003" SecRule ip:wc_bf_counter "@gt 10" "t:none,setvar:user.wc_bf_block=1,expirevar:user.wc_bf_block=86400,setvar:ip.wc_bf_counter=0" </If> </Locationmatch>In our environment, this rule was added to “modsec/modsec2.user.conf”
We will definitely look closer at recaptcha as well — maybe we did not implement it correctly, or maybe it does not work on certain cart flows.
– Scott
Forum: Plugins
In reply to: [WooCommerce] Thousands of POST requests to /?wc-ajax=checkoutWe are seeing this same problem, across many client sites, using a recent version of WC (so the previous posts saying to simply upgrade WC are not correct).
This type of thing is what causes clients to lose confidence in WooCommerce, and WordPress in general. Automattic needs to get on board with a proper solution.
Watching this thread for more information/updates.
– Scott
Forum: Plugins
In reply to: [Responsive Lightbox & Gallery] WordPress 5.6 issueFolks, this plugin hasn’t been updated in 6 months. Further, WordPress 5.6 was available for testing purposes two months ago, so the author could have tested their plugin with the new version and fixed this prior to the release of 5.6. This all adds up to a plugin that has been abandoned by the author. I don’t want to be the bearer of bad news, but we all need to find a new, supported plugin to replace this one.
-Scott
Forum: Plugins
In reply to: [Responsive Lightbox & Gallery] WordPress 5.6 issueFYI, we used the “WP Downgrade” plugin to easily go back to WordPress 5.3.3, while we wait to see if this author is going to fix their plug in or not. As soon as we rolled back to 5.3.3, the plugin starts to work again:
Forum: Plugins
In reply to: [Responsive Lightbox & Gallery] WordPress 5.6 issueExact same problem. Hoping that the author will fix, but this plugin hasn’t had any updates in 6 months.
@nosilver4u I’m super excited that you still have a goal of implementing the ability to delete the bloated oversized original images. I’m working with a small customer right now that accidentally uploaded a ton of 13MB+ images and the problem is exactly as the OP has described. We now have scaled versions and no longer need the HUGE files, but they are now wasting a bunch of space with no way to do anything about it. Your solution is going to be extremely helpful to a lot of folks with disk-limited hosting.
Thank you!!
– Scott
Forum: Plugins
In reply to: [Gutenberg] Feature request – Media & Text block Image LinkPlease add the feature to simply create a text link to media. The use case is linking to a PDF file. When you select text and click the Link icon, and search… it does not find any matching media items, which it should.
Forum: Plugins
In reply to: [Imsanity] Does it automatically delete the hi-res uploaded file?Thanks for your efforts @nosilver4u !! And that is great news about the timing being hopefully this year. Super!
Forum: Plugins
In reply to: [Entry Expiration for Gravity Forms] Still Supported?Awesome, thanks for your support @travislopes !!
– Scott
Forum: Plugins
In reply to: [Smart Slider 3] Smart Slider 3.4 no longer supports Internet Explorer@nextendweb thank you for the tip on using “instant” loading. My slideshow disappeared from view for IE 11 users, until I made this change.
– Scott
@wfgerald I run a small hosting provider that has seen 2 of these (via support tickets) so far. I can’t find anything similar yet. The two affected clients are on different servers. Both servers run CloudLinux, but one is CL6, the other CL7. One server has MariaDB 10.1, the other is MySQL 5.7. One site is using PHP 7.3, the other PHP 5.6. One WP site is multisite, the other is not. Both sites use the Wordfence WAF, but when commenting it out in .htaccess it didn’t change anything. I’m stumped at the moment.
– Scott